Thank you

Sorry

Late last week, Wired reporter Matthew Honan's digital life was shaken like a squirrel in the mouth of pit bull. With the unwitting help of Apple and Amazon, a group of hackers gained access to Honan's online identity and proceeded to have their way with it.

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

Scary? You bet. And the hackers couldn't have done it without the massive and total failure of both Apple and Amazon to safeguard their customers' data.

A few hours after Honan blogged about his virtual buggering on his Tumblr page, one of the hackers -- a guy calling himself "Phobia," from a group called Clan Vv3 -- got in touch with him and told him how they did it.

It started with Honan's Twitter account, which linked to his personal website, where Phobia found Honan's Gmail address. Using Google's account recovery page, Phobia gleaned Honan's alternate email, which was an Apple @me address. As Honan wrote:

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple's tech support issue him the keys to my account.

Phobia got Honan's billing address via a Whois search on Honan's domain, then used a bit of social engineering to get Amazon's tech support to provide him with the last four digits of Honan's credit card number. (I won't get into all the nitty-gritty; Honan does a fine job summarizing it himself.)

Once Phobia and friends gained access to Honan's Apple account, it was game over. They could do whatever they wanted to him -- and they did, proceeding to wipe out every photo Honan had ever taken of his two-year-old daughter, to name just one example.

Why did they do this to Honan? Because they coveted his Twitter handle, @mat. That was all it took.

To prove it wasn't an isolated failure caused by some clueless support tech, other Wired reporters duplicated the hack twice on other accounts using the same techniques (but without causing any damage, obviously).